Methods, apparatus and systems for authentication

ABSTRACT

The present invention relates to methods, apparatus and systems for authentication of a user based on ear biometric data, and voice biometric data or other authentication data. The ear biometric data may be combined with voice biometric data or with a security question and response.

TECHNICAL FIELD

Embodiments of the disclosure relate to methods, apparatus and systemsfor authentication of a user, and particularly to methods, apparatus andsystems for authentication of a user based on ear biometric data.

BACKGROUND

It is known that the acoustic properties of a user's ear, whether theouter parts (known as the pinna or auricle), the ear canal or both,differ substantially between individuals and can therefore be used as abiometric to identify the user. One or more loudspeakers or similartransducers positioned close to or within the ear generate an acousticstimulus, and one or more microphones similarly positioned close to orwithin the ear detect the acoustic response of the ear to the acousticstimulus. One or more features may be extracted from the responsesignal, and used to characterize an individual.

For example, the ear canal is a resonant system, and therefore onefeature which may be extracted from the response signal is the resonantfrequency of the ear canal. If the measured resonant frequency (i.e. inthe response signal) differs from a stored resonant frequency for theuser, a biometric algorithm coupled to receive and analyse the responsesignal may return a negative result. Other features of the responsesignal may be similarly extracted and used to characterize theindividual. For example, the features may comprise one or more melfrequency cepstrum coefficients. More generally, the transfer functionbetween the acoustic stimulus and the measured response signal (orfeatures of the transfer function) may be determined, and compared to astored transfer function (or stored features of the transfer function)which is characteristic of the user.

SUMMARY

One problem faced by biometric algorithms is the need to achieveacceptable performance in two respects. First, the algorithm shouldprovide acceptable security so that unauthorised users are not falselyrecognized as authorised users. The likelihood that the algorithm willaccept an access attempt by an unauthorised user is known as the falseacceptance rate (FAR), and should be kept low if the algorithm is toprovide reasonable security. Second, the algorithm should work reliably,so that authorised users are not falsely rejected as unauthorised. Thelikelihood that the algorithm will reject an access attempt by anauthorised user is known as the false rejection rate (FRR), and shouldalso be kept low if the algorithm is not to prove frustrating forauthorised users seeking authentication.

The problem is that these two performance requirements conflict witheach other. A low FRR can be achieved by relaxing the requirements for auser to achieve authentication. However, this will also have theconsequence of increasing the FAR. Conversely, a low FAR can be achievedby making the requirements for a user to achieve authenticationstricter. However, this will have the consequence of increasing the FRR.

One way to decrease both FAR and FRR is to increase the efficacy of thebiometric algorithm itself. However, designing the algorithm to achievehigh performance is difficult. Further, the efficacy may depend onfactors which are outside the designers' control. For example, theefficacy of the algorithm may depend on the quality of the biometricdata. However, the user may be in a noisy environment such that poordata quality is unavoidable.

The efficacy of the algorithm may further depend on the discriminatorynature of the biometric itself. For example, a biometric algorithm whichdiscriminates between users based solely on gender will only everachieve a 50% FAR and a 50% FRR at best.

The efficacy of the authentication process overall may therefore beimproved by combining multiple authentication processes (whetherbiometric or not). Each authentication process may be associated withparticular FAR and FRR values; however, the FAR and FRR for thecombination of multiple authentication processes may be significantlylower.

For example, let us assume that a first authentication process has a FARof 10%; one in ten users will be accepted by the first authenticationprocess (i.e. identified as an authorised user). Now let us assume thatthe user is required to pass a second authentication process, which alsohas a FAR of 10%, in addition to the first authentication process.Although one in ten users will be accepted by the second authenticationprocess, the overall FAR (i.e. based on the combination of the first andsecond authentication processes) will in fact be 1%. Therefore theoverall authentication process is markedly improved without having toimprove either the first or second authentication process individually.

According to embodiments of the present disclosure, ear biometric data,which may be acquired using any of the personal audio devices describedabove with respect to FIGS. 1a to 1 e, is combined with authenticationdata acquired via one or more further mechanisms, to improve theperformance of the overall authentication process. For example, in oneembodiment, the ear biometric data is combined with voice biometricdata. In another embodiment, the ear biometric data is combined with asecurity question and response. In the latter embodiment, the securityquestion may be output to the user audibly, and the (audible) responsedetected with a microphone. The response may therefore additionally beused for voice biometric authentication.

One aspect of the disclosure provides a method in a biometricauthentication system. The method comprises: obtaining ear biometricdata for a user to be authenticated; identifying the user as aparticular authorised user based on the ear biometric data;

outputting a security question message to the user, specific to theparticular authorised user; and authenticating the user as theparticular authorised user based on a response message from the user.

Another aspect of the disclosure provides a method in a biometricauthentication system. The method comprises: obtaining ear biometricdata for a user to be authenticated; obtaining voice biometric data fromthe user to be authenticated; and utilizing the ear biometric data andthe voice biometric data to authenticate an identity of the user.

A further aspect of the disclosure provides a method in a biometricauthentication system. The method comprises: obtaining ear biometricdata for a user to be authenticated; outputting a security questionmessage to the user; and authenticating the user as an authorised userbased on the ear biometric data and a response message from the user.

Another aspect provides an apparatus for biometric authentication. Theapparatus comprises: an ear biometric module configured to obtain earbiometric data for a user to be authenticated; a decision moduleconfigured to identify the user as a particular authorised user based onthe ear biometric data; an output, for outputting a security questionmessage to the user, specific to the particular authorised user; and anauthentication module configured to authenticate the user as theparticular authorised user based on a response message from the user.

An aspect of the disclosure provides an electronic apparatus comprisingprocessing circuitry and a non-transitory machine-readable mediumstoring instructions which, when executed by the processing circuitry,cause the electronic apparatus to: obtain ear biometric data for a userto be authenticated; identify the user as a particular authorised userbased on the ear biometric data; output a security question message tothe user, specific to the particular authorised user; and authenticatethe user as the particular authorised user based on a response messagefrom the user.

A further aspect provides a non-transitory machine-readable mediumstoring instructions which, when executed by processing circuitry, causean electronic apparatus to: obtain ear biometric data for a user to beauthenticated; identify the user as a particular authorised user basedon the ear biometric data; output a security question message to theuser, specific to the particular authorised user; and authenticate theuser as the particular authorised user based on a response message fromthe user.

BRIEF DESCRIPTION OF THE DRAWINGS

For a better understanding of examples of the present disclosure, and toshow more clearly how the examples may be carried into effect, referencewill now be made, by way of example only, to the following drawings inwhich:

FIGS. 1a to 1e show examples of personal audio devices;

FIG. 2 shows an arrangement according to embodiments of the disclosure;

FIG. 3 shows a system according to embodiments of the disclosure;

FIG. 4 is a flowchart of a method according to embodiments of thedisclosure; and

FIG. 5 is a flowchart of a method according to further embodiments ofthe disclosure.

DETAILED DESCRIPTION

As noted above, ear biometric data may be acquired by the generation ofan acoustic stimulus, and the detection of an acoustic response of theear to the acoustic stimulus. One or more features may be extracted fromthe response signal, and used to characterize the individual.

The acoustic stimulus may be generated and the response measured using apersonal audio device. As used herein, the term “personal audio device”is any electronic device which is suitable for, or configurable to,provide audio playback substantially to only a single user. Someexamples of suitable personal audio devices are shown in FIGS. 1a to 1e.

FIG. 1a shows a schematic diagram of a user's ear, comprising the(external) pinna or auricle 12 a, and the (internal) ear canal 12 b. Apersonal audio device 20 comprising a circum-aural headphone is worn bythe user over the ear. The headphone comprises a shell whichsubstantially surrounds and encloses the auricle, so as to provide aphysical barrier between the user's ear and the external environment.Cushioning or padding may be provided at an edge of the shell, so as toincrease the comfort of the user, and also the acoustic coupling betweenthe headphone and the user's skin (i.e. to provide a more effectivebarrier between the external environment and the user's ear).

The headphone comprises one or more loudspeakers 22 positioned on aninternal surface of the headphone, and arranged to generate acousticsignals towards the user's ear and particularly the ear canal 12 b. Theheadphone further comprises one or more microphones 24, also positionedon the internal surface of the headphone, arranged to detect acousticsignals within the internal volume defined by the headphone, the auricle12 a and the ear canal 12 b.

The headphone may be able to perform active noise cancellation, toreduce the amount of noise experienced by the user of the headphone.Active noise cancellation operates by detecting a noise (i.e. with amicrophone), and generating a signal (i.e. with a loudspeaker) that hasthe same amplitude as the noise signal but is opposite in phase. Thegenerated signal thus interferes destructively with the noise and solessens the noise experienced by the user. Active noise cancellation mayoperate on the basis of feedback signals, feedforward signals, or acombination of both. Feedforward active noise cancellation utilizes oneor more microphones on an external surface of the headphone, operativeto detect the environmental noise before it reaches the user's ear. Thedetected noise is processed quickly, and the cancellation signalgenerated so as to match the incoming noise as it arrives at the user'sear. Feedback active noise cancellation utilizes one or more errormicrophones positioned on the internal surface of the headphone,operative to detect the combination of the noise and the audio playbacksignal generated by the one or more loudspeakers. This combination isused in a feedback loop, together with knowledge of the audio playbacksignal, to adjust the cancelling signal generated by the loudspeaker andso reduce the noise. The microphone 24 shown in FIG. 1a may thereforeform part of an active noise cancellation system, for example, as anerror microphone.

FIG. 1b shows an alternative personal audio device 30, comprising asupra-aural headphone. The supra-aural headphone does not surround orenclose the user's ear, but rather sits on the auricle 12 a. Theheadphone may comprise a cushion or padding to lessen the impact ofenvironmental noise. As with the circum-aural headphone shown in FIG. 1a, the supra-aural headphone comprises one or more loudspeakers 32 andone or more microphones 34. The loudspeaker(s) 32 and the microphone(s)34 may form part of an active noise cancellation system, with themicrophone 34 serving as an error microphone.

FIG. 1c shows a further alternative personal audio device 40, comprisingan intra-concha headphone (or earphone). In use, the intra-conchaheadphone sits inside the user's concha cavity. The intra-conchaheadphone may fit loosely within the cavity, allowing the flow of airinto and out of the user's ear canal 12 b.

As with the devices shown in FIGS. 1a and 1b , the intra-conchaheadphone comprises one or more loudspeakers 42 and one or moremicrophones 44, which may form part of an active noise cancellationsystem.

FIG. 1d shows a further alternative personal audio device 50, comprisingan in-ear headphone (or earphone), insert headphone, or ear bud. Thisheadphone is configured to be partially or totally inserted within theear canal 12 b, and may provide a relatively tight seal between the earcanal 12 b and the external environment (i.e. it may be acousticallyclosed or sealed). The headphone may comprise one or more loudspeakers52 and one or more microphones 54, as with the others devices describedabove, and these components may form part of an active noisecancellation system.

As the in-ear headphone may provide a relatively tight acoustic sealaround the ear canal 12 b, external noise (i.e. coming from theenvironment outside) detected by the microphone 54 is likely to be low.

FIG. 1e shows a further alternative personal audio device 60, which is amobile or cellular phone or handset. The handset 60 comprises one ormore loudspeakers 62 for audio playback to the user, and one or moremicrophones 64 which are similarly positioned.

In use, the handset 60 is held close to the user's ear so as to provideaudio playback (e.g. during a call). While a tight acoustic seal is notachieved between the handset 60 and the user's ear, the handset 60 istypically held close enough that an acoustic stimulus applied to the earvia the one or more loudspeakers 62 generates a response from the earwhich can be detected by the one or more microphones 64. As with theother devices, the loudspeaker(s) 62 and microphone(s) 64 may form partof an active noise cancellation system.

All of the personal audio devices described above thus provide audioplayback to substantially a single user in use. Each device comprisesone or more loudspeakers and one or more microphones, which may beutilized to generate biometric data related to the frequency response ofthe user's ear. The loudspeaker is operable to generate an acousticstimulus, or acoustic probing wave, towards the user's ear, and themicrophone is operable to detect and measure a response of the user'sear to the acoustic stimulus, e.g. to measure acoustic waves reflectedfrom the ear canal or the pinna. The acoustic stimulus may be sonic (forexample in the audio frequency range of say 20 Hz to 20 kHz) orultra-sonic (for example greater than 20 kHz or in the range 20 kHz to50 kHz) or near-ultrasonic (for example in the range 15 kHz to 25 kHz)in frequency. In some examples the microphone signal may be processed tomeasure received signals of the same frequency as that transmitted.

Another biometric marker may comprise otoacoustic noises emitted by thecochlear in response to the acoustic stimulus waveform. The otoacousticresponse may comprise a mix of the frequencies in the input waveform.For example if the input acoustic stimulus consists of two tones atfrequencies f1 and f2, the otoacoustic emission may include a componentat frequency 2*f1−f2. The relative power of frequency components of theemitted waveform has been shown to be a useful biometric indicator. Insome examples therefore the acoustic stimulus may comprise tones of twoor more frequencies and the amplitude of mixing products at sums ordifferences of integer-multiple frequencies generated by otoacousticemissions from the cochlear may be measured. Alternatively, otoacousticemissions may be stimulated and measured by using stimulus waveformscomprising fast transients, e.g. clicks.

Depending on the construction and usage of the personal audio device,the measured response may comprise user-specific components, i.e.biometric data, relating to the auricle 12 a, the ear canal 12 b, or acombination of both the auricle 12 a and the ear canal 12 b. Forexample, the circum-aural headphones shown in FIG. 1a will generallyacquire data relating to the auricle 12 a and potentially also the earcanal 12 b. The insert headphones shown in FIG. 1d will generallyacquire data relating only to the ear canal 12 b.

One or more of the personal audio devices described above (or rather,the microphones within those devices) may be operable to detectbone-conducted voice signals from the user. That is, as the user speaks,sound is projected away from the user's mouth through the air. However,acoustic vibrations will also be carried through part of the user'sskeleton or skull, such as the jaw bone. These acoustic vibrations maybe coupled to the ear canal 12 b through the jaw or some other part ofthe user's skeleton or skull, and detected by the microphone. Lowerfrequency sounds tend to experience a stronger coupling than higherfrequency sounds, and voiced speech (i.e. that speech or those phonemesgenerated while the vocal cords are vibrating) is coupled more stronglyvia bone conduction than unvoiced speech (i.e. that speech or thosephonemes generated while the vocal cords are not vibrating). The in-earheadphone 50 may be particularly suited to detecting bone-conductedspeech owing to the tight acoustic coupling around the ear canal 12 b.

All of the devices shown in FIGS. 1a to 1e and described above may beused to implement aspects of the disclosure.

FIG. 2 shows an arrangement 200 according to embodiments of thedisclosure. The arrangement 200 comprises a personal audio device 202and a biometric system 204. The personal audio device 202 may be anydevice which is suitable for, or configurable to provide audio playbackto substantially a single user. The personal audio device 202 generallycomprises one or more loudspeakers, and one or more microphones which,in use, are positioned adjacent to or within a user's ear. The personalaudio device may be wearable, and comprise headphones for each of theuser's ears. Alternatively, the personal audio device may be operable tobe carried by the user, and held adjacent to the user's ear or earsduring use. The personal audio device may comprise headphones or amobile phone handset, as described above with respect to any of FIGS. 1ato 1 e.

The biometric system 204 is coupled to the personal audio device 202 andoperative to control the personal audio device 202 to acquire biometricdata which is indicative of the individual using the personal audiodevice.

The personal audio device 202 thus generates an acoustic stimulus forapplication to the user's ear, and detects or measures the response ofthe ear to the acoustic stimulus. For example, the acoustic stimulus maybe in the sonic range, or ultra-sonic. In some embodiments, the acousticstimulus may have a flat frequency spectrum over a relevant frequencyrange, or be preprocessed in such a way that those frequencies thatallow for a good discrimination between individuals are emphasized (i.e.have a higher amplitude than other frequencies). The measured responsecorresponds to the reflected signal received at the one or moremicrophones, with certain frequencies being reflected at higheramplitudes than other frequencies owing to the particular response ofthe user's ear.

The biometric system 204 may send suitable control signals to thepersonal audio device 202, so as to initiate the acquisition ofbiometric data, and receive data from the personal audio device 202corresponding to the measured response. The biometric system 204 isoperable to extract one or more features from the measured response andutilize those features as part of a biometric process.

Some examples of suitable biometric processes include biometricenrolment and biometric authentication. Enrolment comprises theacquisition and storage of biometric data which is characteristic of anindividual. In the present context, such stored data may be known as an“ear print”. Authentication (alternatively referred to as verificationor identification) comprises the acquisition of biometric data from anindividual, and the comparison of that data to the stored ear prints ofone or more enrolled or authorised users. A positive comparison (i.e. adetermination that the acquired data matches or is sufficiently close toa stored ear print) results in the individual being authenticated. Forexample, the individual may be permitted to carry out a restrictedaction, or granted access to a restricted area or device. A negativecomparison (i.e. a determination that the acquired data does not matchor is not sufficiently close to a stored ear print) results in theindividual not being authenticated. For example, the individual may notbe permitted to carry out the restricted action, or granted access tothe restricted area or device.

The biometric system 204 may, in some embodiments, form part of thepersonal audio device 202 itself. Alternatively, the biometric system204 may form part of an electronic host device (e.g. an audio player) towhich the personal audio device 202 is coupled, through wires orwirelessly. In yet further embodiments, operations of the biometricsystem 204 may be distributed between circuitry in the personal audiodevice 202 and the electronic host device.

FIG. 3 shows a system 300 according to embodiments of the disclosure.

The system 300 comprises processing circuitry 322, which may compriseone or more processors, such as a central processing unit or anapplications processor (AP), or a digital signal processor (DSP). Thesystem 300 further comprises memory 324, which is communicably coupledto the processing circuitry 322. The memory 324 may store instructionswhich, when carried out by the processing circuitry 322, cause theprocessing circuitry to carry out one or more methods as described below(see FIGS. 4 and 5 for example). The one or more processors may performmethods as described herein on the basis of data and programinstructions stored in memory 324. Memory 324 may be provided as asingle component or as multiple components or co-integrated with atleast some of processing circuitry 322. Specifically, the methodsdescribed herein can be performed in processing circuitry 322 byexecuting instructions that are stored in non-transient form in thememory 324, with the program instructions being stored either duringmanufacture of the system 300 or personal audio device 202 or by uploadwhile the system or device is in use.

The processing circuitry 322 comprises a stimulus generator module 303which is coupled directly or indirectly to an amplifier 304, which inturn is coupled to a loudspeaker 306.

The stimulus generator module 303 generates an electrical audio signal(for example, under the instruction of control module 302) and providesthe electrical audio signal to the amplifier 304, which amplifies it andprovides the amplified signal to the loudspeaker 306. The loudspeaker306 generates a corresponding acoustic signal which is output to theuser's ear (or ears). The audio signal may be sonic or ultra-sonic, forexample. The audio signal may have a flat frequency spectrum, or bepreprocessed in such a way that those frequencies that allow for a gooddiscrimination between individuals are emphasized (i.e. have a higheramplitude than other frequencies).

As noted above, the audio signal may be output to all or a part of theuser's ear (i.e. the auricle or the ear canal). The audio signal isreflected off the ear, and the reflected signal (or echo signal) isdetected and received by a microphone 308. The reflected signal thuscomprises data which is characteristic of the individual's ear, andsuitable for use as a biometric.

The reflected signal is passed from the microphone 308 to ananalogue-to-digital converter (ADC) 310, where it is converted from theanalogue domain to the digital domain. Of course, in alternativeembodiments the microphone may be a digital microphone and produce adigital data signal (which does not therefore require conversion to thedigital domain).

The signal is detected by the microphone 308 in the time domain.However, the features extracted for the purposes of the biometricprocess may be in the frequency domain (in that it is the frequencyresponse of the user's ear which is characteristic). The system 300therefore comprises a Fourier transform module 312, which converts thereflected signal to the frequency domain. For example, the Fouriertransform module 312 may implement a fast Fourier transform (FFT). Insome examples the biometric process may not be in the frequency domain,so the Fourier transform module may be omitted.

The transformed signal is then passed to a feature extract module 314,which extracts one or more features of the transformed signal for use ina biometric process (e.g. biometric enrolment, biometric authentication,etc). For example, the feature extract module 314 may extract theresonant frequency of the user's ear. For example, the feature extractmodule 314 may extract one or more mel frequency cepstrum coefficients.Alternatively, the feature extract module may determine the frequencyresponse of the user's ear at one or more predetermined frequencies, oracross one or more ranges of frequencies. The extracted features maycorrespond to data for a model of the ear.

The extracted feature(s) are passed to a biometric module 316, whichperforms a biometric process on them. For example, the biometric module316 may perform a biometric enrolment, in which the extracted features(or parameters derived therefrom) are stored as part of biometric data318 which is characteristic of the individual. The biometric data may bestored within the system 300 or remote from the system 300 (andaccessible securely by the biometric module 316). Such stored data 318may be known as an “ear print”. In another example, the biometric module316 may perform a biometric authentication, and compare the one or moreextracted features to corresponding features in the stored ear print 318(or multiple stored ear prints).

The biometric module 316 may generate a biometric result (which may bethe successful or unsuccessful generation of an ear print, as well assuccessful or unsuccessful authentication) and output the result tocontrol module 302.

In some embodiments the stimulus waveforms may be tones of predeterminedfrequency and amplitude. In other embodiments the stimulus generator maybe configurable to apply music to the loudspeaker, e.g. normal playbackoperation, and the feature extract module may be configurable to extractthe response or transfer function from whatever signal components thestimulus waveform contains.

Thus in some embodiments the feature extract module may be designed withforeknowledge of the nature of the stimulus, for example knowing thespectrum of the applied stimulus signal, so that the response ortransfer function may be appropriately normalised. In other embodimentsthe feature extract module may comprise a second input to monitor thestimulus (e.g. playback music) and hence provide the feature extractmodule with information about the stimulus signal or its spectrum sothat the feature extract module may calculate the transfer function fromthe stimulus waveform stimulus to received acoustic waveform from whichit may derive the desired feature parameters. In the latter case, thestimulus signal may also pass to the feature extract module via the FFTmodule 312.

According to embodiments of the disclosure, the system 300 furthercomprises an additional authentication mechanism 320, which in theillustrated embodiment is coupled to the control module 302. Inalternative embodiments, the additional authentication mechanism 320 maybe coupled to the biometric module 316, for example.

The additional authentication mechanism 320 may be configured to provideone or more authentication algorithms in addition to the ear biometricalgorithm described above. For example, the additional authenticationmechanism 320 may comprise a voice biometric authentication module,configured to perform a biometric authentication algorithm on a voicesignal, e.g. received via the microphone 308 or via another microphonesuch as a dedicated voice microphone (not illustrated). The voice signalmay be air-conducted (i.e. travelling through the air to a microphoneoutside the user's ear) or bone-conducted (i.e. travelling through atleast part of the user's skeleton or skull, such as the jaw bone, anddetected by a suitable microphone or transducer). The bone-conductedvoice signal may be detected by a microphone within the user's ear orexternal to the user's ear. In the former case, the microphone may bethe same as that used for ear biometrics (and potentially the same asthat used for active noise cancellation), or different.

For example, the additional authentication mechanism 320 may comprise aninput-output mechanism for accepting and authorising the user based on apassphrase, password, or pin number entered by the user and associatedwith the authorised user. The input-output mechanism may pose a questionto the user based on the passphrase, password or pin number, the answerto which does not reveal the entire passphrase, password or pin number.For example, the question may relate to a particular character or digitof the passphrase, password or pin number (e.g., “what is the thirdcharacter of the password?”). Thus only part of the user's passphrase,password or pin number is input by the user in response to the question.The question may require the performance of a mathematical or logicaloperation on the pin number or part thereof (e.g., “what is the firstdigit of the pin number plus three?”). The input-output mechanism mayoutput the question audibly (e.g. through playback over the loudspeaker306), so that only the user can hear the question. Further, theinput-output mechanism may provide for input of the answer audibly (e.g.through the microphone 308 or some other microphone such as a voicemic), or via some other input mechanism, such as a touchscreen, keypad,keyboard, or similar.

As the question is provided only to the user (e.g. via the personalaudio device), third parties in the vicinity of the user may be unableto hear it. Thus, although the third parties may overhear the spokenanswer, they are unable to determine the question which was asked andtherefore acquire no useful knowledge as to the user's password,passphrase or pin number.

FIG. 4 is a flowchart of a method according to embodiments of thedisclosure.

In step 400, ear biometric data is acquired from a user seekingauthentication. For example, the biometric system may acquire ear modeldata from a personal audio device, which generates an acoustic stimulusfor application to the user's ear, and extract one or more features fromthe measured response to that acoustic stimulus (e.g. as detected with amicrophone in the personal audio device).

In step 402, additional authentication data is obtained from the user.For example, the additional authentication data may comprise voicebiometric data. e.g. received via the microphone 308 or via anothermicrophone such as a dedicated voice microphone (not illustrated).

For example, the additional authentication data may comprise a responseto a security question output to the user. The question may relate to apassphrase, password or pin number. In some embodiments, the questionmay be configured such that the correct answer does not reveal theentire passphrase, password or pin number. For example, the question mayrelate to a particular character or digit of the passphrase, password orpin number (e.g., “what is the third character of the password?”). Thusonly part of the user's passphrase, password or pin number is input bythe user in response to the question. The question may require theperformance of a mathematical or logical operation on the pin number orpart thereof (e.g., “what is the first digit of the pin number plusthree?”). The question may be output audibly (e.g. through playback overthe loudspeaker 306), so that only the user can hear the question.Further, the input-output mechanism may provide for input of the answeraudibly (e.g. through the microphone 308 or some other microphone suchas a voice mic), or via some other input mechanism, such as atouchscreen, keypad, keyboard, or similar. In some embodiments, theaudible answer may be used for voice biometric authentication as well asa response to the security question.

In step 404, the user is authenticated based on the ear biometric dataand the additional data obtained in step 402.

The authentication may be carried out on the combination of data inmultiple different ways. For example, in one embodiment separateauthentication algorithms may be carried out on each of the sets of dataacquired in steps 400 and 402, and separate authentication scoresacquired from each of the sets of data. The scores may then be combinedto generate an overall score, indicating the overall likelihood that theuser is an authorised user, with the authentication decision being takenon this score (e.g. by comparing the score to a threshold). In analternative embodiment, the individual biometric scores may be handledseparately (e.g., compared to separate thresholds) and individualauthentication decisions being taken on each score. Overallauthentication is then based on a combination of the decisions. Forexample, failure at any one of the authentication algorithms may resultin failure of the authentication overall. Thus, if the ear biometricalgorithm results in an authentication, but one or more of the othermechanisms results in a rejection (i.e. because the voice does not matcha stored voice print for the user, or the response to the securityquestion was wrong), the user may be rejected overall.

FIG. 5 is a flowchart of a method according to further embodiments ofthe disclosure. The method may be carried out in the context of a userseeking authentication with a system (such as the system 300 describedabove), and utilizing a personal audio device to communicate with thesystem (i.e. providing speech input to the system and/or receiving audiooutput from the system).

In step 500, ear biometric data is obtained from the user via thepersonal audio device. One or more loudspeakers or similar transducerspositioned close to or within the ear generate an acoustic stimulus, andone or more microphones similarly positioned close to or within the eardetect the acoustic response of the ear to the acoustic stimulus. One ormore features may be extracted from the response signal, and used tocharacterize the individual. The acoustic stimulus may comprise aflat-spectrum signal, a signal in which frequencies found to bediscriminative of individuals have greater amplitude than otherfrequencies, or may even be a normal playback signal (e.g. music).

In step 502, a biometric algorithm is performed on the acquired data todetermine whether the user is an authorised user. For example, the oneor more extracted features may be compared to one or more stored earmodels (i.e. ear prints), and a biometric score generated, indicatingthe level of similarity or closeness between the acquired data and thestored ear models. If the acquired data does not match any of the storedear models to a sufficient degree (e.g. the biometric scores are lessthan a threshold value for each of the stored ear models), the methodproceeds to step 504 in which the user is rejected by the authenticationsystem. For example, the user may be prevented from performing arestricted operation or accessing a restricted application or area.Alternatively, the method may be restarted and authenticationre-attempted.

If the acquired data matches one of the stored ear models to asufficient degree (e.g. the biometric score is greater than or equal toa threshold value), the user may be identified as the authorised userassociated with that stored ear model and the method proceeds to step506.

In step 506, a security question is output to the user. The securityquestion may be specific to the user identified in step 502, or theanswer to the security question may be specific to the user identifiedin step 502. The security question may be played back to the userthrough the speaker used to obtain the ear biometric data.

The question may relate to a passphrase, password or pin numberassociated with the authorised user. In some embodiments, the questionmay be configured such that the correct answer does not reveal theentire passphrase, password or pin number. For example, the question mayrelate to a particular character or digit of the passphrase, password orpin number (e.g., “what is the third character of the password?”). Thusonly part of the user's passphrase, password or pin number is input bythe user in response to the question. The question may require theperformance of a mathematical or logical operation on the pin number orpart thereof (e.g., “what is the first digit of the pin number plusthree?”).

The user thus speaks the answer to the security question and acorresponding voice signal is received by the system. The speech may bedetected by the microphone used to acquire the ear biometric data and/oranother microphone (such as a dedicated voice microphone).

The system may comprise a speech recognition module, or an interfacewith an external speech recognition module over which the voice signalcan be sent for analysis. In either case, the voice signal from the useris analysed in step 508 to determine if the answer uttered by the useris correct. If the answer is incorrect, the method may proceed to step504, and rejection of the user.

If the answer is correct, the method proceeds to step 510, in which avoice biometric algorithm is performed on the voice signal (i.e. theresponse to the question posed in step 506). (In alternativeembodiments, steps 508 and 510 may be carried out simultaneously witheach other.) The voice biometric algorithm may comprise a comparison ofone or more features extracted from the voice signal to a stored voicemodel (i.e. a voice print) of the authorised user identified in step502. A voice biometric score may be generated, indicating the level ofsimilarity between the voice signal and the stored voice model.

In one embodiment, the voice biometric score is compared to a respectivethreshold value and a decision taken on whether the voice signal is amatch to the stored voice model. If the decision is positive (i.e. ifthe voice biometric score equals or exceeds the threshold value), themethod proceeds to step 512 and the user can be authenticated as theauthorised user. If the decision is negative (i.e. the voice biometricscore is less than the threshold), the method proceeds to step 504 andthe user is rejected.

In an alternative embodiment, the voice biometric score is combined withthe ear biometric score (i.e. obtained in step 502) to generate anoverall score, and the overall score compared to an overall thresholdvalue. The biometric scores may be combined by simply summing.

Alternatively, the biometric scores may subject to a weighted summation,with each biometric score weighted by a respective coefficient. Forexample, one method of achieving such weighting is as follows:

S _(total) =p ₁ s ₁ +p ₂ s ₂

where S_(total) is the total (i.e. combined, overall) biometric score,s₁ and s₂ are the biometric scores obtained via the separateauthentication algorithms (e.g. ear and voice, respectively), p₁ and p₂are weighting coefficients, and p₁+p₂=1. The biometric scores s₁ and s₂may also take values between 0 and 1.

The weighting coefficients may be fixed, or dynamically adjustable. Forexample, in one embodiment the weighting coefficients may be determinedbased on one or more quality metrics related to the biometric data (e.g.the ear and voice biometric data). The one or more quality metrics maycomprise one or more of: a signal to noise ratio; the presence ofclipping in the signal; one or more spectral parameters (such asspectral peaking, spectral flatness, spectral tilt, etc); energy perfrequency bin, etc. Thus if the quality of one of the sets of biometricdata is low (or relatively low compared to the other biometric data),the weighting coefficients may be adjusted to emphasize the biometricscore for the higher-quality biometric algorithm.

Methods described herein may be utilized to achieve power savings in theauthentication system. For example, one or more parts of the system 300may be kept in a low-power state until the user has passed at least afirst authentication algorithm (e.g. the ear biometric algorithm). Uponpassing the first authentication algorithm, further parts of the systemmay be powered on to carry out one or more second authenticationalgorithms (e.g. voice biometric, or security question algorithms). Forexample, the authentication module 320 may be kept in a low-power stateuntil the biometric module 316 generates a positive authenticationresult based on the ear biometric algorithm (e.g. in step 502).

Embodiments of the disclosure thus provide methods, apparatus andsystems for authenticating a user.

Embodiments described above have focussed on an implementation in whichear biometrics and/or voice biometrics are performed on signals detectedin a single ear. It will be appreciated by those skilled in the art thatthe embodiments may straightforwardly be adapted to take intoconsideration biometric data obtained from both ears of a user. Thus,where the description above discloses acquiring data from an ear (e.g.through application of an acoustic stimulus and detection of theresponse, or acquisition of a bone-conducted voice signal in the ear),data may similarly be acquired from two ears. For example, the system300 described above may comprise respective signal processing chains fordata from each ear (e.g. respective ADCs, Fourier transform modules,and/or feature extract modules), or a single signal processing chainwhich is multiplexed between data streams generated within each ear.Biometric algorithms may similarly be performed on data from both ears,and this may be combined as described above, i.e. separate biometricauthentication scores combined to form a combined score on which anoverall decision is determined, or separate biometric authenticationdecisions which are then combined to determine an overall decision.

Embodiments may be implemented in an electronic, portable and/or batterypowered host device such as a smartphone, an audio player, a mobile orcellular phone, or a handset. Embodiments may be implemented on one ormore integrated circuits provided within such a host device. Embodimentsmay be implemented in a personal audio device configurable to provideaudio playback to a single person, such as a smartphone, a mobile orcellular phone, headphones, earphones, etc., see FIGS. 1a to 1 e. Again,embodiments may be implemented on one or more integrated circuitsprovided within such a personal audio device. In yet furtheralternatives, embodiments may be implemented in a combination of a hostdevice and a personal audio device. For example, embodiments may beimplemented in one or more integrated circuits provided within thepersonal audio device, and one or more integrated circuits providedwithin the host device.

It should be understood—especially by those having ordinary skill in theart with the benefit of this disclosure—that the various operationsdescribed herein, particularly in connection with the figures, may beimplemented by other circuitry or other hardware components. The orderin which each operation of a given method is performed may be changed,and various elements of the systems illustrated herein may be added,reordered, combined, omitted, modified, etc. It is intended that thisdisclosure embrace all such modifications and changes and, accordingly,the above description should be regarded in an illustrative rather thana restrictive sense.

Similarly, although this disclosure makes reference to specificembodiments, certain modifications and changes can be made to thoseembodiments without departing from the scope and coverage of thisdisclosure. Moreover, any benefits, advantages, or solutions to problemsthat are described herein with regard to specific embodiments are notintended to be construed as a critical, required, or essential featureor element.

Further embodiments likewise, with the benefit of this disclosure, willbe apparent to those having ordinary skill in the art, and suchembodiments should be deemed as being encompassed herein.

The skilled person will recognise that some aspects of theabove-described apparatus and methods, for example the discovery andconfiguration methods may be embodied as processor control code, forexample on a non-volatile carrier medium such as a disk, CD- or DVD-ROM,programmed memory such as read only memory (Firmware), or on a datacarrier such as an optical or electrical signal carrier. For manyapplications embodiments of the invention will be implemented on a DSP(Digital Signal Processor), ASIC (Application Specific IntegratedCircuit) or FPGA (Field Programmable Gate Array). Thus the code maycomprise conventional program code or microcode or, for example code forsetting up or controlling an ASIC or FPGA. The code may also comprisecode for dynamically configuring re-configurable apparatus such asre-programmable logic gate arrays. Similarly the code may comprise codefor a hardware description language such as Verilog™ or VHDL (Very highspeed integrated circuit Hardware Description Language). As the skilledperson will appreciate, the code may be distributed between a pluralityof coupled components in communication with one another. Whereappropriate, the embodiments may also be implemented using code runningon a field-(re)programmable analogue array or similar device in order toconfigure analogue hardware.

Note that as used herein the term module shall be used to refer to afunctional unit or block which may be implemented at least partly bydedicated hardware components such as custom defined circuitry and/or atleast partly be implemented by one or more software processors orappropriate code running on a suitable general purpose processor or thelike. A module may itself comprise other modules or functional units. Amodule may be provided by multiple components or sub-modules which neednot be co-located and could be provided on different integrated circuitsand/or running on different processors.

It should be noted that the above-mentioned embodiments illustraterather than limit the invention, and that those skilled in the art willbe able to design many alternative embodiments without departing fromthe scope of the appended claims or embodiments. The word “comprising”does not exclude the presence of elements or steps other than thoselisted in a claim or embodiment, “a” or “an” does not exclude aplurality, and a single feature or other unit may fulfil the functionsof several units recited in the claims or embodiments. Any referencenumerals or labels in the claims or embodiments shall not be construedso as to limit their scope.

Although the present disclosure and certain representative advantageshave been described in detail, it should be understood that variouschanges, substitutions, and alterations can be made herein withoutdeparting from the spirit and scope of the disclosure as defined by theappended claims or embodiments. Moreover, the scope of the presentdisclosure is not intended to be limited to the particular embodimentsof the process, machine, manufacture, compositions of matter, means,methods, or steps, presently existing or later to be developed thatperform substantially the same function or achieve substantially thesame result as the corresponding embodiments herein may be utilized.Accordingly, the appended claims or embodiments are intended to includewithin their scope such processes, machines, manufacture, compositionsof matter, means, methods, or steps.

1. A method in a biometric authentication system, the method comprising:obtaining ear biometric data for a user to be authenticated; identifyingthe user as a particular authorised user based on the ear biometricdata; obtaining voice biometric data for the user to be authenticated;and authenticating the user as the particular authorised user based onthe voice biometric data.
 2. The method according to claim 1, furthercomprising outputting a security question message to the user, specificto the user and authenticating the user as the particular authoriseduser based on a response message from the user.
 3. The method accordingto claim 2, wherein the security question message is output audibly viathe personal audio device.
 4. The method according to claim 2, whereinthe security question message relates to a password, passphrase or pinnumber associated with the particular authorised user.
 5. The methodaccording to claim 4, wherein the security question message isconfigured such that a correct response relates only to part of thepassword, passphrase or pin number.
 6. The method according to claim 4,wherein the security question message relates to a logical operationcarried out on the password, passphrase or pin number.
 7. The methodaccording to claim 2, wherein authenticating the user as the particularauthorised user based on the response message comprises authenticatingthe user as the particular authorised user in response to adetermination that an answer to the security question message in theresponse message is correct.
 8. The method according to claim 2, whereinthe response message comprises an audio response message, wherein thevoice biometric data is obtained from the audio response message.
 9. Themethod according to claim 1, wherein the step of obtaining ear biometricdata comprises: initiating an acoustic stimulus for application to theuser's ear; and extracting one or more features from a measured responseto the acoustic stimulus.
 10. The method according to claim 9, whereinthe acoustic stimulus comprises an audio playback signal.
 11. The methodaccording to claim 10, wherein the audio playback signal comprisesmusic.
 12. The method according to claim 9, wherein the step ofextracting one or more features from the measured response comprisesextracting one or more features from a transfer function between theacoustic stimulus and the measured response.
 13. The method according toclaim 1, wherein the ear biometric data is obtained by a personal audiodevice.
 14. The method according to claim 13, wherein the ear biometricdata is obtained by a microphone in the personal audio device.
 15. Themethod according to claim 14, wherein the microphone is further utilizedas part of an active noise cancellation system.
 16. An electronicapparatus, comprising processing circuitry and a non-transitorymachine-readable medium storing instructions which, when executed by theprocessing circuitry, cause the electronic apparatus to: obtain earbiometric data for a user to be authenticated; identify the user as aparticular authorised user based on the ear biometric data; obtain voicebiometric data for the user to be authenticated; and authenticate theuser as the particular authorised user based on the voice biometricdata.
 17. The electronic apparatus according to claim 16, wherein theelectronic apparatus is caused to output a security question message tothe user, specific to the user and authenticating the user as theparticular authorised user based on a response message from the user,wherein the electronic apparatus is caused to authenticate the user asthe particular authorised user based on the response message byauthenticating the user as the particular authorised user in response toa determination that an answer to the security question message in theresponse message is correct.
 18. The electronic apparatus according toclaim 16, wherein the electronic apparatus is caused to output asecurity question message to the user, specific to the user andauthenticating the user as the particular authorised user based on aresponse message from the user, wherein the response message comprisesan audio response message, wherein the electronic apparatus is furthercaused to obtain voice biometric data from the audio response message.19. The electronic apparatus according to claim 16, wherein theelectronic apparatus is caused to obtain ear biometric data by:initiating an acoustic stimulus for application to the user's ear; andextracting one or more features from a measured response to the acousticstimulus.
 20. A non-transitory machine-readable medium storinginstructions which, when executed by processing circuitry of anelectronic apparatus, cause the electronic apparatus to: obtain earbiometric data for a user to be authenticated; obtain voice biometricdata for the user to be authenticated; output a security questionmessage to the user, specific to the particular authorised user; andauthenticate the user as the particular authorised user based on thevoice biometric data.